package com.ddone.controller;

import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

/**
 * @author ddone
 * @date 2024/3/31-19:17
 */
@RestController
public class SecurityController {

    @RequestMapping("/add.do")
    @PreAuthorize("hasAuthority('add')")
    public String add(){
        System.out.println("add...");
        return "success";
    }

    //表示用户必须拥有ROLE_ADMIN角色才能调用当前方法
    @RequestMapping("/update.do")
    @PreAuthorize("hasRole('ROLE_ADMIN')")
    public String update(){
        System.out.println("update...");
        return "success";
    }

    // //表示用户必须拥有ABC角色才能调用当前方法
    @RequestMapping("/delete.do")
    @PreAuthorize("hasRole('ABC')")
    public String delete(){
        System.out.println("delete...");
        return "success";
    }

    @RequestMapping("/logout")
    public String logout(){
        return "登出";
    }
}
